Hacked for the Holidays: How Shopping Online Leads to Cybercrime

by · November 26, 2013

More Americans than ever are planning to buy their Christmas presents online this year, according to an annual survey by Deloitte Consulting of New York. Consumers will spend $61.8 billion on e-commerce in November and December, up 15% from the same time last year, says eMarketer.

But many consumers who love the savings and the convenience of shopping online don’t realize cyber crooks shop online, too – for their victims’ personal information. Shoppers preoccupied with finding online holiday bargains together with lax security and large amounts of sensitive data stored on their computers and mobile devices make them top targets of holiday hackers.

Here’s what to watch out for to avoid becoming a holiday cybercrime victim:

Password hacking. Weak passwords (or no passwords at all) on your mobile devices give fraudsters a gift that keeps on giving: access to all stored information. According to a 2013 survey by McAfee, 36% of smartphone users don’t use passwords to protect their devices. Be sure to secure your smartphone or tablet with a long password – a mix of letters, numbers, and symbols – so hackers can’t crack them. And never store passwords on your mobile devices.

Rogue holiday apps. A recent survey by the National Retail Federation found that over half of smartphone owners and six out of 10 tablet owners plan to use their devices for holiday shopping related activities. Many consumers use more than 10 apps on their devices during a typical week, a lot of which keep them logged into their accounts – including email, text, banking, and social media – for long periods of time. Software from online app stores used for holiday shopping may look legit. It may even have company endorsements. But it could be carrying malware designed to steal your personal data and make charges to your accounts. Review mobile apps carefully before downloading. Check with the source of app endorsements that they’re real. And only install apps from trusted sources such as Google Play and the Apple App Store.

Phony e-commerce sites that lure shoppers looking for bargains can spell big trouble – stealing our personal information and our money. Check with the Better Business Bureau to confirm that the website is reputable. And only use websites that are encrypted – ones that start with https – to allow for secure transactions. Https isn’t foolproof. But it still provides protection against many online security threats.

Holiday Phishing and SMiShing scams. If an email or social media bargain sounds too good to be true, it probably is. Don’t click on any suspicious links that could be designed to swipe your personal information. And watch out for holiday SMiShing that appears in gift card messages in which fraudsters posing as financial institutions ask you to confirm information for security purposes. Banks and credit card companies will never ask you for this information online.

Unsecure WiFi hotspots are a favorite hangout for holiday hackers. A recent survey by McAfee found that 73% of respondents are just fine with using free WiFi and 54% plan to use smartphones for holiday shopping. But since most WiFi hotspots are unsecure, shopping on them can lead to your accounts being compromised and your being identity stolen. Anti-virus and anti-malware software won’t protect your online traffic at WiFi hotspots. To do that, you need a personal VPN that sends your information through a secure tunnel, making it invisible to hackers.

In a November 2013 survey conducted by PRIVATE WiFi™ and the Identity Theft Resource Center, 79% of respondents said they don’t use a VPN even though they know they should. If that sounds like you, give yourself the gift of online security this holiday season with a personal VPN like PRIVATE WiFi.™